TCP_PhaseZero


Code: p26

Severity: Warning


Description: PhaseZero is a Trojan Horse that gives the attacker remote control of the victim host. This event is generated when the victim server replies to a connection request from the attacker's client.

Impact: Possible theft of data and control of the targeted machine leading to a compromise of all resources the machine is connected to. This Trojan also has the ability to delete data, steal passwords and disable the machine.

Corrective: Edit the system registry to remove the extra keys, or restore a previously known good copy of the registry. Affected registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ (registry value added: MsgServ). Delete the server program msgsvr32.exe and/or ServerS.exe. A reboot of the infected machine is recommended.
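The check and clean-up described above, written as a PowerShell script an administrator could run on a suspected host. This is an added example, not code from the signature vendor: it assumes the Run value is named exactly MsgServ, that the server binaries sit somewhere under the Windows directory (the record does not give their location), and the function names and the -Remediate switch are this script's own.

```powershell
# Added example (not part of the original signature record): report, and
# optionally remove, the PhaseZero persistence artifacts named in the
# Corrective section. Run without -Remediate to audit only.
# Assumptions: the Run value is named "MsgServ" exactly; the server binaries
# live under $env:SystemRoot; function names and -Remediate are ours.
param([switch]$Remediate)

$RunKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$ValueName = 'MsgServ'
$Binaries  = @('msgsvr32.exe', 'ServerS.exe')

# Returns the Run value if the PhaseZero autostart entry is present, else $null.
function Get-PhaseZeroRunValue {
    $item = Get-ItemProperty -Path $RunKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -ne $item) {
        [pscustomobject]@{ Key = $RunKey; Name = $ValueName; Data = $item.$ValueName }
    }
}

# Returns any copies of the server binaries found under the Windows directory.
function Find-PhaseZeroBinaries {
    Get-ChildItem -Path $env:SystemRoot -Recurse -File -Include $Binaries `
        -ErrorAction SilentlyContinue
}

$runValue = Get-PhaseZeroRunValue
$files    = @(Find-PhaseZeroBinaries)

if (-not $runValue -and $files.Count -eq 0) {
    Write-Output 'No PhaseZero artifacts found.'
    return
}

if ($runValue) { Write-Warning "Run value present: $($runValue.Name) = $($runValue.Data)" }
foreach ($f in $files) { Write-Warning "Server binary present: $($f.FullName)" }

if ($Remediate) {
    if ($runValue) {
        Remove-ItemProperty -Path $RunKey -Name $ValueName -Confirm:$false
        Write-Output "Removed Run value $ValueName"
    }
    foreach ($f in $files) {
        # Stop any running instance of the binary before deleting it, otherwise
        # the delete fails and the server keeps running until reboot.
        Get-Process -ErrorAction SilentlyContinue |
            Where-Object { $_.Path -eq $f.FullName } |
            Stop-Process -Force -ErrorAction SilentlyContinue
        Remove-Item -Path $f.FullName -Force
        Write-Output "Deleted $($f.FullName)"
    }
    Write-Output 'Remediation applied; reboot the machine as the record recommends.'
}
```

Run it from an elevated prompt: the audit mode needs read access to HKLM and the Windows directory, and -Remediate needs write access to both. A copy of any file it finds is worth preserving for forensic review before the -Remediate pass deletes it.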